Privacy Policy

Effective date: March 9, 2026

This Privacy Policy explains how YellowCrab (“YellowCrab”, “we”, “our”, “us”) collects, uses, and protects your information when you use yellowcrab.ai and our managed hosting service (the “Service”). We operate from the European Union and are committed to handling your data responsibly and in accordance with applicable data protection law, including the GDPR.

1. Summary

  • Minimal data: We collect only what is necessary to provision and operate your bot instance.
  • Credential storage: We store your Telegram bot token, Telegram user ID, and an encrypted copy of your OpenRouter API key to enable deployment and redeployment of your instance.
  • No conversation data: We never receive, store, or process the content of conversations between you and your bot.
  • No ad tracking: We do not use advertising cookies or cross-site tracking.
  • Data in transit: All connections to yellowcrab.ai are encrypted via HTTPS/TLS.
  • EU hosting: Your data is hosted in the EU via Supabase (Frankfurt region).

2. Data we collect and why

2.1 Account data

  • Email address: Provided via Google OAuth when you sign up. Used for account identification, authentication, and service communications.
  • Google profile information: If you sign in with Google, Google provides your email address and basic profile information for authentication purposes only. This is subject to Google’s Privacy Policy.

2.2 Instance credentials

The following credentials are collected during the setup wizard and stored in our database in order to deploy and operate your bot instance:

  • Telegram bot token: The API token for your Telegram bot. Stored in our database and deployed to your dedicated server. Required to operate your bot and re-deploy it if needed.
  • Telegram user ID: Your numeric Telegram chat ID. Stored to lock the bot to your account, verify ownership, and support redeployment scenarios without requiring you to re-enter it manually.
  • OpenRouter API key: Your personal OpenRouter API key. Stored encrypted in our database (AES-256 encryption at rest) and deployed to your server to enable AI inference. Retained while your account is active to support redeployment and instance recovery.

Note: Your OpenRouter API key is stored in encrypted form. Our operational staff does not routinely access it, but we cannot guarantee it is inaccessible in all circumstances (e.g., system administration, security incidents, or legal obligation). You may revoke and rotate your OpenRouter key at any time from your OpenRouter account.

2.3 Bot configuration

  • AI model preferences: Your chosen primary and fallback AI model identifiers (e.g., model names available on OpenRouter).
  • Bot name and username: The display name and username of your Telegram bot.

2.4 Infrastructure data

  • Server IP address: The public IP address of the server provisioned for your instance — stored to enable management, redeployment, and dashboard controls. An IP address linked to your account may constitute personal data under applicable law.
  • Internal service references: Internal identifiers assigned by our infrastructure providers (e.g., server and deployment management references) — stored solely for operational management of your instance and not shared externally.
  • Deployment logs and errors: Operational output from deployment processes, stored to assist with troubleshooting and support.
  • Instance status: The current operational state of your bot (e.g., running, paused, error) for display in your dashboard.

2.5 Subscription and billing data

  • Stripe customer and subscription identifiers: References to your Stripe customer and subscription records for billing management. We do not store full payment card details.
  • Plan and status information: Your current subscription plan, status, billing period dates, and any upgrade history.

2.6 Analytics

We use Datafast for privacy-preserving, aggregated analytics on the yellowcrab.ai website (e.g., page views). This does not involve identifying individual users or reading any account or conversation data.

2.7 What we do not collect

  • Conversation content: Messages sent to or from your bot are never stored in YellowCrab’s database. They pass directly between your chosen messenger, your server, and OpenRouter.
  • Advertising identifiers or ad trackers.
  • Cross-site tracking data.
  • We do not sell your personal data to any third party.

3. Lawful bases for processing (GDPR)

  • Contract performance: Processing your account data, credentials, and subscription data is necessary to provide the Service you have subscribed to.
  • Legitimate interests: We process infrastructure and operational data to secure the Service, diagnose issues, and maintain reliability.
  • Legal obligation: We may process or retain data to comply with applicable laws or respond to lawful requests from competent authorities.

4. How we use your data

  • Provision, deploy, and operate your bot instance on Hetzner infrastructure.
  • Display instance status and controls in your dashboard.
  • Process your subscription payments via Stripe.
  • Send essential service communications (e.g., billing notices, security alerts).
  • Diagnose and resolve technical issues using deployment logs.
  • Improve the Service using aggregated, anonymized analytics.

5. Data sharing and processors

We share your data only with trusted sub-processors necessary to operate the Service. We do not sell your data.

  • Supabase — Database, authentication, and serverless edge functions. Data is hosted in the EU (Frankfurt region). Supabase acts as our data processor under a Data Processing Agreement.
  • Stripe — Payment processing for subscriptions. Stripe receives the billing information you provide at checkout. We receive only billing metadata (e.g., subscription status, customer ID). Stripe’s handling of your payment data is governed by Stripe’s own Privacy Policy.
  • Google — OAuth authentication. If you sign in with Google, Google shares your email and basic profile with us solely for authentication. Governed by Google’s Privacy Policy.
  • Hetzner Cloud — Cloud server infrastructure. YellowCrab provisions and controls a dedicated server on Hetzner for your instance. Your credentials and bot configuration reside on this server. The server is owned and administered by YellowCrab as part of the Service; it is not owned by you.
  • Coolify — Deployment orchestration software running on the server provisioned for your instance. Your credentials are passed to Coolify to configure your bot container.
  • OpenClaw — The AI chatbot software deployed on your instance. OpenClaw is an independent open-source project. YellowCrab does not control its source code or security posture. Conversation data processed by your running OpenClaw instance is not stored in YellowCrab’s database, but it does transit your server and OpenRouter. YellowCrab is not responsible for any data handling that occurs within the OpenClaw software itself.
  • OpenRouter — AI model gateway accessed via your own API key. YellowCrab transmits your OpenRouter key to the server provisioned for your instance for deployment purposes. Your usage of OpenRouter, including any data sent to AI models, is governed by OpenRouter’s Terms and Privacy Policy.
  • Telegram — Messaging platform. Your bot token is transmitted to Telegram’s API to register and operate your bot. Messages you send to your bot transit Telegram’s infrastructure; their handling is subject to Telegram’s Privacy Policy.
  • Datafast — Website analytics. Receives aggregated, anonymized page view data from yellowcrab.ai.

We disclose personal data to third parties only as required by law, to enforce these Terms, or to protect the rights, property, or safety of YellowCrab, our users, or the public.

6. International transfers

We aim to keep your data within the European Union. Our primary database and authentication infrastructure (Supabase) is hosted in Frankfurt, Germany. If any data is processed outside the EU by sub-processors (e.g., Stripe, Google), such transfers rely on lawful mechanisms including Standard Contractual Clauses and/or adequacy decisions.

7. Security and breach notification

We implement appropriate technical and organizational measures to protect your data, including HTTPS/TLS encryption in transit, AES-256 database encryption at rest for sensitive fields (including your OpenRouter API key), Row Level Security (RLS) database policies, and authenticated access controls. No system is completely secure, and we cannot guarantee absolute security.

In the event of a personal data breach that poses a high risk to your rights and freedoms, we will notify you at the email address associated with your account as promptly as reasonably possible, so you can take protective action — such as revoking and rotating any affected API keys. Where required by applicable law, we will also report qualifying breaches to the competent supervisory authority within 72 hours of becoming aware of them.

8. Data retention

  • Account and instance data: Retained while your account is active. Upon account deletion, we will delete or anonymize your personal data within a reasonable period, subject to any legal retention requirements.
  • Subscription data: Billing records may be retained for the period required by applicable financial and tax law.
  • Deployment logs: Retained for a limited operational period and then deleted or anonymized.
  • Credentials (Telegram token, Telegram user ID, OpenRouter key): Retained while your account is active to support redeployment. Deleted upon account deletion or your written request.

To delete your account and all associated data, contact us at support@yellowcrab.ai. Any active subscription will be cancelled and your server instance will be decommissioned.

9. Your rights (EU/EEA)

Subject to applicable law, you have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate data.
  • Erasure: Request deletion of your data (subject to legal retention obligations).
  • Restriction: Request that we restrict processing of your data in certain circumstances.
  • Objection: Object to processing based on legitimate interests.
  • Portability: Receive your data in a structured, machine-readable format.
  • Complaint: Lodge a complaint with your local data protection supervisory authority.

To exercise any of these rights, contact us at support@yellowcrab.ai.

If you are based in Poland or the EU/EEA, you may also lodge a complaint with the supervisory authority in your country of residence. In Poland, the competent authority is the President of the Personal Data Protection Office (UODO — Urząd Ochrony Danych Osobowych, uodo.gov.pl).

10. Cookies

We use only strictly necessary cookies. Specifically:

  • Authentication session cookies — set by our infrastructure (Supabase) to keep you signed in. These are essential for the Service to function.
  • UI preference cookie — a small cookie (sidebar_state) that remembers whether your sidebar is open or closed, so your layout preference persists across page loads. It expires after 7 days.

We do not use advertising, tracking, or profiling cookies. Our analytics provider (Datafast) does not use cookies and does not track you across sites — it only collects anonymized, aggregated page-view data.

If you sign in with Google, Google may set its own authentication cookies during the OAuth flow, subject to Google’s Cookie Policy. These are beyond our control.

11. Children’s privacy

The Service is not directed to individuals under 16 years of age (or the applicable age of digital consent in your country). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.

12. Data controller and contact

YellowCrab operates as the data controller for the personal data described in this Policy. We are based in Poland, European Union. For questions, requests, or concerns about this Privacy Policy or your personal data, contact us at support@yellowcrab.ai.

13. Changes to this Policy

We may update this Privacy Policy from time to time. If changes are material, we will provide reasonable advance notice via email or in-app notification. Continued use of the Service after the effective date constitutes acceptance of the updated Policy.